Intrusion Prevention

Forum.Livre.infouser.asp.SQL.Injection

Description

Forum Livre has a SQL-injection vulnerability. A remote attacker could execute arbitrary SQL commands in the back-end database via a specially-crafted HTTP request to the "info-user.asp" script, with injected SQL statements in the "user" parameter.

Affected Products

Forum Livre version 1.0

Impact

Data Manipulation.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References

CVE-2007-0589